[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #383899 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Sep 2 02:45:58 IDT 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, September 2, 2025 2:45:46 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #383899 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 383899

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  54852000      182840        19.5%   23.220.255.161
  52985400      176618        18.8%   23.220.255.172
  14317500       47725         5.1%    132.73.124.68
  12903300       43011         4.6%    132.73.124.48
   6695700       22319         2.4%    132.73.124.96
   5962200       19874         2.1%   23.220.255.150
   5522700       18409         2.0%    104.83.83.214
   4370700       14569         1.6%    17.253.15.201
   3757800       12526         1.3%     132.73.124.8
   3570900       11903         1.3%    132.73.124.40

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total           Dst IP
---------------------------------------------------
  29251500       97505        10.4%   23.220.255.161
  29025300       96751        10.3%    132.73.124.68
  27963300       93211         9.9%   23.220.255.172
  20408100       68027         7.2%    132.73.124.48
  12905100       43017         4.6%    132.73.124.96
   7065600       23552         2.5%    132.73.124.40
   6953400       23178         2.5%     132.73.124.8
   6901500       23005         2.4%    132.73.124.72
   5641800       18806         2.0%    132.71.146.63
   5360100       17867         1.9%    132.73.124.60

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
  23.220.255.161        443                                82120636500
  23.220.255.161                                           82120636500
  23.220.255.172        443                                79322165400
  23.220.255.172                                           79322165400
                        443   132.73.124.68                43004481600
                              132.73.124.68                43004481600
                              132.73.124.48                29853563700
                        443   132.73.124.48                29562009900
                              132.73.124.96                18920393100
                        443   132.73.124.96                18917455200

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2025-09-01 23:45:37
End Time: ongoing

First Event Seen: 2025-09-01 23:43:00
Last Event Seen: 2025-09-01 23:44:00

Further Details:
https://primary.nemo.geant.org/alerts/details/383899/

More information about the Nemo-ddos-list mailing list